mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-07 01:41:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
5884 commits 23 branches 109 tags 32 MiB
Commit graph

7 commits

Author SHA1 Message Date
Christian Boltz
39f7e5723c
add profile names to dovecot profiles 2020-06-11 12:57:53 +02:00
Christian Boltz
f0491d0d64
Change #include to include in active profiles 2020-06-09 23:30:24 +02:00
John Johansen
730db17607 policy: tag policy with the AppArmor 3.0 abi 
Tag profiles and abstractions with abi information.

Tagging abstractions is not strictly necessary but allows the parser
to detect when their is a mismatch and that policy will need an
update for abi.

We do not currently tag the tunables because variable declarations
are not currently affected by abi.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/491
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Steve Beattie <sbeattie@ubuntu.com>
 2020-05-29 00:23:17 -07:00
Christian Boltz
110d6d214c
switch local includes to "include if exists" 2020-05-03 22:01:13 +02:00
Christian Boltz
0f6be43d8e dovecot profile update 
Some updates for the dovecot profiles, based on a patch from 
Christian Wittmer <chris@computersalat.de> (he sent it as SR for the 
openSUSE package, which uses a slightly older version of the dovecot
profiles)

Fix problems with dovecot and managesieve:
* usr.lib.dovecot.managesieve-login: network inet6 stream
* usr.lib.dovecot.managesieve:
  +#include <tunables/dovecot>
    /usr/lib/dovecot/managesieve {
  +  capability setgid,   # covered by abstractions/dovecot-common, therefore not part of this patch
  +  capability setuid,
  +  network inet stream,
  +  network inet6 stream,
  +  @{DOVECOT_MAILSTORE}/ rw,
  +  @{DOVECOT_MAILSTORE}/** rwkl,
* add #include <abstractions/wutmp> to usr.lib.dovecot.auth
   apparmor="DENIED" operation="open" parent=18310 \
   profile="/usr/lib/dovecot/auth" name="/var/run/utmp" pid=20939 \
   comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0


Acked-by: Steve Beattie <steve@nxnw.org>

Bug: https://launchpad.net/bugs/1322778
 2014-07-07 23:35:18 +02:00
Steve Beattie
70926b5d55 profiles: add dovecot-common abstraction 
This commit adds a dovecot-common abstraction, as well as adjusting
the profiles for dovecot's helper binaries to make use of it. The
important addition is the ability for the dovecot master process to
send signals to the helpers.

Signed-off-by: Steve Beattie <steve@nxnw.org>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
 2014-06-27 12:14:53 -07:00
Christian Boltz
df94a355fc [2/3] dovecot profiles: add profiles for new dovecot 2.x binaries 
dovecot 2.x comes with several new binaries in /usr/lib/dovecot. 
This patch adds profiles for

/usr/lib/dovecot/anvil 
/usr/lib/dovecot/auth 
/usr/lib/dovecot/config 
/usr/lib/dovecot/dict 
/usr/lib/dovecot/dovecot-lda 
/usr/lib/dovecot/lmtp 
/usr/lib/dovecot/log 
/usr/lib/dovecot/managesieve 
/usr/lib/dovecot/ssl-params

References: https://bugzilla.novell.com/show_bug.cgi?id=851984


Acked-by: John Johansen <john.johansen@canonical.com>
 2014-01-26 22:46:51 +01:00